NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月12日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
901	9.3	CRITICAL ネットワーク	checkpoint	gaia_os gaia_embedded	A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish … Update	CWE-287 不適切な認証	CVE-2026-50751	2026-06-10 03:30	2026-06-8	表示	GitHub Exploit DB Packet Storm

902	4.3	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se… Update	CWE-284 不適切なアクセス制御	CVE-2026-11277	2026-06-10 03:26	2026-06-5	表示	GitHub Exploit DB Packet Storm

903	5.8	MEDIUM ネットワーク	-	-	On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is … Update	CWE-1023 要素の欠如による不完全な比較	CVE-2026-7473	2026-06-10 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

904	8.8	HIGH ネットワーク	-	-	The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid I… New	CWE-89 SQLインジェクション	CVE-2026-50636	2026-06-10 03:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

905	8.8	HIGH ネットワーク	-	-	LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the d… New	CWE-640 パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み	CVE-2026-50635	2026-06-10 03:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

906	7.8	HIGH ローカル	-	-	Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-50512	2026-06-10 03:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

907	7.8	HIGH ローカル	-	-	Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. New	CWE-59 リンク解釈の問題	CVE-2026-50511	2026-06-10 03:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

908	6.5	MEDIUM ネットワーク	-	-	Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoi… New	CWE-862 認証の欠如	CVE-2026-49956	2026-06-10 03:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

909	8.1	HIGH ネットワーク	-	-	Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. New	CWE-285 不適切な認可	CVE-2026-45503	2026-06-10 03:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

910	6.5	MEDIUM ネットワーク	-	-	Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network. New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-45501	2026-06-10 03:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

911	6.3	MEDIUM ローカル	-	-	Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p… New	CWE-59 リンク解釈の問題	CVE-2026-44275	2026-06-10 03:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

912	6.3	MEDIUM ローカル	-	-	Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p… New	CWE-1386 Windows ジャンクション / マウントポイントの安全でない操作	CVE-2026-41116	2026-06-10 03:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

913	-	-	-	-	Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability. New	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-28237	2026-06-10 03:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

914	8.8	HIGH ネットワーク	google	chrome	Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … Update	CWE-125 CWE-787 境界外読み取り境界外書き込み	CVE-2026-11645	2026-06-10 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

915	-	-	-	-	Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service. New	CWE-497 認可されていない制御領域への重要情報の漏えい	CVE-2026-0466	2026-06-10 03:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

916	-	-	-	-	Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) po… New	CWE-1262 レジスタインターフェイスの不適切なアクセス制御	CVE-2025-54509	2026-06-10 03:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

917	8.6	HIGH ネットワーク	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when … Update	NVD-CWE-noinfo	CVE-2026-46273	2026-06-10 02:31	2026-06-4	表示	GitHub Exploit DB Packet Storm

918	8.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be run immedia… Update	CWE-416 解放済みメモリの使用	CVE-2026-46264	2026-06-10 02:26	2026-06-4	表示	GitHub Exploit DB Packet Storm

919	8.1	HIGH ネットワーク	google	chrome	Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (… Update	CWE-346 同一生成元ポリシー違反	CVE-2026-11693	2026-06-10 02:26	2026-06-9	表示	GitHub Exploit DB Packet Storm

920	5.4	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Update	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-11701	2026-06-10 02:24	2026-06-9	表示	GitHub Exploit DB Packet Storm

921	7.5	HIGH ネットワーク	perl	dbi	DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer wit… Update	CWE-787 境界外書き込み	CVE-2026-9698	2026-06-10 02:20	2026-06-9	表示	GitHub Exploit DB Packet Storm

922	9.8	CRITICAL ネットワーク	-	-	YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sa… Update	CWE-94 CWE-1333 コード・インジェクション非効率的な正規表現の複雑さ	CVE-2026-52778	2026-06-10 02:17	2026-06-9	表示	GitHub Exploit DB Packet Storm

923	6.5	MEDIUM ネットワーク	-	-	Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. New	CWE-200 情報漏えい	CVE-2026-50508	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

924	8.8	HIGH ネットワーク	-	-	Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration… New	CWE-78 OSコマンド・インジェクション	CVE-2026-49959	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

925	5.0	MEDIUM ローカル	-	-	Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete… New	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-49958	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

926	5.3	MEDIUM ネットワーク	-	-	Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey option… New	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-49955	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

927	6.5	MEDIUM ネットワーク	-	-	The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` segments resolved a write path … Update	CWE-22 パス・トラバーサル	CVE-2026-49818	2026-06-10 02:17	2026-06-9	表示	GitHub Exploit DB Packet Storm

928	7.8	HIGH ローカル	-	-	Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally. New	CWE-284 不適切なアクセス制御	CVE-2026-49161	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

929	7.1	HIGH ローカル	-	-	Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. New	CWE-20 CWE-23 不適切な入力確認相対的パストラバーサル	CVE-2026-48569	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

930	7.8	HIGH ローカル	-	-	Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. New	CWE-426 信頼性のない検索パス	CVE-2026-48565	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

931	4.6	MEDIUM ネットワーク	-	-	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-48562	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

932	5.4	MEDIUM ネットワーク	-	-	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-48560	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

933	7.5	HIGH ネットワーク	-	-	Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. New	CWE-416 解放済みメモリの使用	CVE-2026-47654	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

934	8.8	HIGH ネットワーク	-	-	Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. New	CWE-416 解放済みメモリの使用	CVE-2026-47653	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

935	9.8	CRITICAL ネットワーク	-	-	External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. New	CWE-73 ファイル名やパス名の外部制御	CVE-2026-47643	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

936	8.1	HIGH ネットワーク	-	-	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47631	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

937	8.0	HIGH ネットワーク	-	-	Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. New	CWE-285 不適切な認可	CVE-2026-47298	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

938	7.0	HIGH ローカル	-	-	Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. New	CWE-416 解放済みメモリの使用	CVE-2026-47293	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

939	7.8	HIGH ローカル	-	-	Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. New	CWE-94 CWE-829 コード・インジェクション信頼性のない制御領域からの機能の組み込み	CVE-2026-47292	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

940	8.8	HIGH ネットワーク	-	-	Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. New	CWE-122 ヒープオーバーフロー	CVE-2026-47289	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

941	6.5	MEDIUM ネットワーク	-	-	Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. New	CWE-23 相対的パストラバーサル	CVE-2026-47287	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

942	6.5	MEDIUM ネットワーク	-	-	Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network. New	CWE-200 情報漏えい	CVE-2026-47284	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

943	9.6	CRITICAL ネットワーク	-	-	Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. New	CWE-306 CWE-798 CWE-862 重要な機能に対する認証の欠如解説ハードコードされた認証情報の使用認証の欠如	CVE-2026-47281	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

944	7.2	HIGH ネットワーク	-	-	md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When u… New	CWE-80 CWE-87 クロスサイトスクリプティング (Basic XSS) 代替 XSS 構文の不適切な無効化	CVE-2026-46492	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

945	4.3	MEDIUM ネットワーク	-	-	User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network. New	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-45650	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

946	7.1	HIGH ローカル	-	-	Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. New	CWE-284 不適切なアクセス制御	CVE-2026-45649	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

947	5.5	MEDIUM ローカル	-	-	Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. New	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-45647	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

948	7.8	HIGH ローカル	-	-	Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. New	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-45645	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

949	8.0	HIGH ネットワーク	-	-	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-45644	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

950	7.5	HIGH ネットワーク	-	-	Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. New	CWE-125 境界外読み取り	CVE-2026-45639	2026-06-10 02:17	2026-06-10	表示	GitHub Exploit DB Packet Storm